Security Onion 20110607 is now available! New features in this release are as follows:

Sguil 0.8 (now with more shininess and anti-aliased fonts!)

Squert 0.8.3 (now with user authentication!)

new tcl/tk packages (resolves a scaling issue when running in VMWare and allows for the anti-aliased fonts mentioned above)

httpry

a new Setup script (adds support for Sguil 0.8 and Squert 0.8.3 and also provides more information once Setup completes)

New Users
New users can download the latest ISO image from here. It should be noted that pentest tools have been removed from this ISO. This includes metasploit, john, ophcrack, and steghide. For more information, please see Issue 106.

In-place Upgrade
Existing Security Onion users can perform an in-place upgrade to version 20110607 using the following commands:

It will then upgrade your box to the latest tcl/tk, Sguil, Squert, and Setup script. If you have an existing Sguil database, it will run the Sguil DB upgrade, which will ask:

Do you want to continue? y
Database password: Press Enter to accept the default of "null" (unless you've changed the MySQL root password)
DB schema needs to be updated: Press Enter to accept the default of "y"
Path to update...Press Enter to accept the default

Please test the upgrade on test machines before upgrading your production machines.

Thanks for that!It'll be a high end server with 4 GB RAM, Xeon processor and 1 TB hdd with RAID array. Would that be sufficient?Anyway, i'll test it for a week and let you know how it goes. Thanks again!!

Security Onion

Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It's based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!